package com.pingan.internal.point.shopping.common.config;

import com.pingan.internal.point.common.filter.JwtAuthenticationTokenFilter;
import com.pingan.internal.point.common.handler.AccessDeniedExceptionHandler;
import com.pingan.internal.point.common.handler.AuthenticationExceptionHandler;
import com.pingan.internal.point.common.util.JwtTokenUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Slf4j
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        log.info("this is SecurityConfig - configure");
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .cors()
                .and()
                .authorizeRequests()
                .antMatchers("/goods/**", "/address/**","/admin","/admin/login","/*.*","/","/admin/goods/save-image","/User","/Order","GiftDetail").permitAll()
                //.antMatchers("/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
                .exceptionHandling()
                .accessDeniedHandler(getAccessDeniedExceptionHandler())
                .authenticationEntryPoint(getEntryPoint())
        ;
        http.headers().cacheControl();
    }

    @Bean
    public JwtAuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
        return new JwtAuthenticationTokenFilter();
    }

    @Bean
    public JwtTokenUtil getJwtTokenUtil() {
        return new JwtTokenUtil();
    }

    @Bean
    public AuthenticationEntryPoint getEntryPoint() {
        return new AuthenticationExceptionHandler();
    }

    @Bean
    public AccessDeniedHandler getAccessDeniedExceptionHandler() {
        return new AccessDeniedExceptionHandler();
    }

}
